[tcmtf] Security Threat: Compression Ratio Info-leak Made Easy (CRIME)
Martin Stiemerling <martin.stiemerling@neclab.eu> Thu, 20 June 2013 08:13 UTC
Return-Path: <Martin.Stiemerling@neclab.eu>
X-Original-To: tcmtf@ietfa.amsl.com
Delivered-To: tcmtf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix)
with ESMTP id DB84111E810B for <tcmtf@ietfa.amsl.com>;
Thu, 20 Jun 2013 01:13:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.42
X-Spam-Level:
X-Spam-Status: No, score=-103.42 tagged_above=-999 required=5 tests=[AWL=0.179,
BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id svp6RXJlWuk6 for
<tcmtf@ietfa.amsl.com>; Thu, 20 Jun 2013 01:13:17 -0700 (PDT)
Received: from mailer1.neclab.eu (mailer1.neclab.eu [195.37.70.40]) by
ietfa.amsl.com (Postfix) with ESMTP id 34CD521E80B0 for <tcmtf@ietf.org>;
Thu, 20 Jun 2013 01:13:17 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mailer1.neclab.eu
(Postfix) with ESMTP id 451521045CB for <tcmtf@ietf.org>;
Thu, 20 Jun 2013 10:12:55 +0200 (CEST)
X-Virus-Scanned: Amavisd on Debian GNU/Linux (netlab.nec.de)
Received: from mailer1.neclab.eu ([127.0.0.1]) by localhost (atlas-a.office.hd
[127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sBl4ueUKFmJw for
<tcmtf@ietf.org>; Thu, 20 Jun 2013 10:12:55 +0200 (CEST)
Received: from METHONE.office.hd (methone.office.hd [192.168.24.54]) by
mailer1.neclab.eu (Postfix) with ESMTP id 298991045CA for <tcmtf@ietf.org>;
Thu, 20 Jun 2013 10:12:50 +0200 (CEST)
Received: from [10.1.1.190] (10.1.1.190) by skoll.office.hd (192.168.125.11)
with Microsoft SMTP Server (TLS) id 14.1.323.3;
Thu, 20 Jun 2013 10:13:11 +0200
Message-ID: <51C2B996.2060904@neclab.eu>
Date: Thu, 20 Jun 2013 10:13:10 +0200
From: Martin Stiemerling <martin.stiemerling@neclab.eu>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
rv:17.0) Gecko/20130510 Thunderbird/17.0.6
MIME-Version: 1.0
To: "tcmtf@ietf.org" <tcmtf@ietf.org>
Content-Type: text/plain; charset="ISO-8859-1"; format=flowed
Content-Transfer-Encoding: 7bit
X-Originating-IP: [10.1.1.190]
Subject: [tcmtf] Security Threat: Compression Ratio Info-leak Made Easy (CRIME)
X-BeenThere: tcmtf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Tunneling Compressed Multiplexed Traffic Flows \(TCMTF\) discussion
list" <tcmtf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tcmtf>,
<mailto:tcmtf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tcmtf>
List-Post: <mailto:tcmtf@ietf.org>
List-Help: <mailto:tcmtf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tcmtf>,
<mailto:tcmtf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Jun 2013 08:13:22 -0000
Hi all, My fellow Security AD just pointed me to the following security threat that might also applicable in the case of tcmtf: Compression Ratio Info-leak Made Easy (CRIME), see [1]. Just to let you know for your considerations. Martin [1] http://en.wikipedia.org/wiki/CRIME_%28security_exploit%29 -- martin.stiemerling@neclab.eu NEC Laboratories Europe NEC Europe Limited Registered Office: Athene, Odyssey Business Park, West End Road, London, HA4 6QE, GB Registered in England 2832014
- [tcmtf] Security Threat: Compression Ratio Info-l… Martin Stiemerling
- Re: [tcmtf] Security Threat: Compression Ratio In… Jose Saldana